I've had the complete opposite experience to the author w.r.t. PiHole and WireGuard.
I run a PiHole on my home network and it's also my WireGuard "server". I will concede I am lucky enough to have static IPv4/IPv6 addresses on my home connection.
On my iOS devices I have two connections set up: one for "access to home + DNS", and the other for all traffic. When I'm on my home wifi the VPN connection is off, when I'm on cellular data the DNS is set to the PiHole, and when I'm on any other wifi I route all traffic via the VPN (all automatically via the WireGuard app).
For my other mobile devices... well, they're Linux, so I just set the DNS server correctly and leave WireGuard always connected. It's a UDP "connection" for crying out loud.
This all works flawlessly now to the point that my less technically-minded roommate has it set up on their phone, too: they can access the NAS all the time and ads are blocked in the web browser and in apps.
One thing that gives me some confidence in NextDNS is that they have joined Mozilla's Trusted Recursive Resolver program.
Choosing it within Firefox's setting won't enable any of the filtering the article mentions, though. You need a custom config for that.
https://blog.mozilla.org/blog/2019/12/17/firefox-announces-n...
I tried NextDNS out recently, and had a few technical questions about how it was interacting with some specialised DNS software I was testing. I clicked the livechat button on the website and was connected within seconds to someone who understood DNS at the protocol level. It was... unexpected and amazing.
NextDNS is great for all my devices. Lets me access Handshake domains easily from https://dns.live
The default blacklist for NextDNS is really good too; stops a lot of Windows phone home stuff too, and can easily see all that.
Don't add a bunch of blacklists though, or websites break.
> Despite how much I like Cloudflare and this specific service, I want to block trackers at the DNS level. 1.1.1.1 is probably the most reliable and fastest resolver there is on earth, but that does not fit my use case either.
Isn't this a bit poorly timed, considering the recent Cloudflare DNS announcement?
> In the coming months, we will provide the ability to define additional configuration settings for 1.1.1.1 for Families. This will include options to create specific whitelists and blacklists of certain sites. You will be able to set the times of the day when categories, such as social media, are blocked and get reports on your household's Internet usage.
https://blog.cloudflare.com/introducing-1-1-1-1-for-families...
I've started using NextDNS on my phone (Android) for its simplicity and thoroughness.
One of the harder parts about DNS-based blocking is that it's significantly more effort to unblock something like clicks from tracked deals sites than with the uBlock browser extension.
For my routers, I'm mostly happy with last week's announced 1.1.1.2 malware blocking from Cloudflare.
NextDNS is also my new favorite DNS service - especially since they've been supporting Handshake name resolution at the click of a button since March 20th. [1]
[1] https://twitter.com/nextdnsio/status/1241178358257455104
I'm hosting my own DNS server with DoT/DoH as a reverse proxy of a PiHole server. The latency might not be as impressive as NextDNS' (7~10ms on my phone via TMobile), but I have full control of the stack.
Started using NextDNS a week ago and it's quite good so far. One of my concerns was how hard it would be to debug websites/services that stop working, but their logging being instant made it superbly easy. I can turn on logging, go to the website/app that doesn't work correctly, go right back to the NextDNS logs to see the requests instantly. You can then filter for the blocked ones too.
I tested the IPv6 latency to NextDNS https://my.nextdns.io and OpenNIC https://servers.opennic.org. I'm impressed with the newcomer: with a 21ms median it's very close to the 17ms median I currently enjoy.
This looks great, but unfortunately CloudFlare has 1ms ping for me but NextDNS has 50ms. I'm not quite sure how it can reply in 1ms, but that's what I'm getting.
NextDNS is excellent, I have my family and non-techie friends using it. Personally I just wireguard to my home network and use pihole.
Hopefully Windows, Linux, iOS, and macOS natively support DoH soon. It's a pain setting up proxies.
Even worse, iOS forces you to use a fake VPN to change DNS servers at all on cellular!
Surrendering our DNS traffic to a few massively centralized services is even worse than to local ISPs.
I switched from pointing various things to cloudflare to simply using NextDNS a while ago, and it's just excellent. The onboarding flow was way faster and easier than I thought it would be (fantastic setup documentation). Configurations are really great for customization at per-device granularity. Extremely slick and fast web UI. Great DNS latency + performance overall.
I was planning on setting up my own recursive resolver one day (tm) but NextDNS really just makes everything so seamless + easy.
And I'm impressed at the speed they're implementing new things I didn't even know I wanted (Handshake TLD, more blocklists, etc)
I've been using NextDNS on my laptop, two phones, and a tablet for months now, after hearing about it from a poster here on HN.
Love it. I'm just worried that there is something a bit more nefarious going on. If you're not paying, you're the product being sold.
Are we still just in the 'growth and acquire' phase here, where paid subscriptions will eventually be required?
NextDNS works great for me. I use it as a second layer to uBlock Origin and it still catches things.
Only downside I have is when something does break, and it happens occasionally, I have to whitelist the domain on their dashboard. You can only whitelist the domain for all requests, which is not what I would like. Would prefer to whitelist it on a specific page and for a temporary time.
Otherwise, when something breaks I have to go to their dashboard, whitelist the domain, use the website and then go back and blacklist it again.
Would be nice if they had a browser extension that could do that in the browser without having to go to their dashboard.
I deployed NextDNS for my family months ago. The Handshake resolver locked in NextDNS for my home network. I've been considering setting up PiHole as well — Handshake resolution would lock that in.
Interesting - just found weird behaviour in PiHole. It's asking upstream to resolve "pi.hole" according to NextDNS. That shouldn't be happening.
Also a fan of NextDNS. I have been using the service for a few weeks, since I saw them mentioned on Twitter. Looks like the aggregate number of queries from the many devices on my home network will exceed 300,000 per month, so I am happy to start paying as soon as they start charging.
It really is incredible; first time I couldn't think of any improvements a product could add.
Support is also great. It accidentally blocked a Dutch government website (probably had reasons); it was fixed < 24 h after my email.
I think it's brilliant. Using client-side ad-blockers on shitty hardware [to make things less slow] adds a good bit of overhead.
We use NextDNS to access Handshake domain names and it's been working great. The privacy features are great too, although email links sometimes don't work because of them (more of a feature than a bug imo).
PiHole at its core is easy access to a bunch of blocklists. Why not just run a local resolver and import the blocklists if your use case is mobile and you don't want to VPN your traffic?
I am using this on and off. I have some trouble with its ad blocking etc.
Some apps and some sites do not work well.
You could easily say that this is due to the pages or app itself and I agree. Still. I have to use some of them.
I've been using DNS Made Easy for some years now, can someone who knows both, fill me in on the main differences? Any need to change?
What a great write up. If they can get over the technical fear for the average user this is a huge idea and the price is fair.
I'll give a try :) but it's a little bit suspicious that there is not a single bad comment about NextDNS......
Doesn't seem to be catching much that uBlock and PiHole aren't. 0.07%. Not super surprising, I guess.
Edit: ...and NoScript.
How do ads get blocked at the DNS level?
Can pdnsd (persistent/cache) work with NextDNS?
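As an added illustration of what DNS-level blocking does (not code from any commenter, nor from NextDNS or PiHole): a filtering resolver checks each queried name, and each of its parent domains, against a hosts-style blocklist and answers matches with a sinkhole address such as 0.0.0.0 (or NXDOMAIN) instead of forwarding the query upstream. The blocklist, query names and allowlist here are constructed; the allowlist models the whole-domain whitelisting complained about earlier in the thread, which is why allowing one domain also allows every subdomain of it.

```python
"""Minimal model of DNS-level ad blocking with a hosts-style blocklist."""
from typing import Optional

# Constructed hosts-format blocklist (the format most ad-block lists use).
BLOCKLIST_TEXT = """\
# comment line
0.0.0.0 ads.example.net
0.0.0.0 tracker.example.org
127.0.0.1 localhost
0.0.0.0 metrics.cdn.example.com
"""

# Hosts-file housekeeping entries that are not ad domains and must not be blocked.
_SKIP = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts_blocklist(text: str) -> set[str]:
    """Extract blocked names from a hosts-style list: '<address> <name> [<name>...]'."""
    blocked: set[str] = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        for name in line.split()[1:]:        # every field after the address
            name = name.lower().rstrip(".")
            if name not in _SKIP:
                blocked.add(name)
    return blocked


def matching_suffix(name: str, names: set[str]) -> Optional[str]:
    """Return the entry in `names` equal to `name` or to one of its parent domains."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])     # name, then each parent domain
        if candidate in names:
            return candidate
    return None


def decide(name: str, blocklist: set[str], allowlist=frozenset()) -> tuple[str, Optional[str]]:
    """Decide how the resolver answers `name`: ("allow", reason) forwards the
    query upstream; ("block", reason) answers 0.0.0.0/NXDOMAIN instead.
    An allowlist hit overrides the blocklist for the name and all subdomains."""
    allowed = matching_suffix(name, allowlist)
    if allowed:
        return "allow", f"allowlisted via {allowed}"
    blocked = matching_suffix(name, blocklist)
    if blocked:
        return "block", f"matched {blocked}"
    return "allow", None
```

Because matching walks up to parent domains, a list entry for ads.example.net also sinks cdn.ads.example.net, which is the same mechanism that makes some sites break when a whole domain the page depends on is listed.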
It's also fairly easy to run your own recursive resolver in case you don't want to use an external DNS service. I use Unbound and ad-blocking lists and it works great.
wow this is great! Now I want Apple to acquire them and provide this natively on the iPhone.
I've not used it, but Adguard also has an ad blocking DNS[0].
Been using NextDNS for a few months now, I can't even find a single flaw. DNS is fast. Both founders must be experts in networking. I have tried literally all the third-party DNS services, ad blocking or not, and NextDNS is actually one of the best / fastest DNS services. And I often think of myself as having latency intolerance, so it is very good. Although I thought 300,000 DNS queries/month was low, it turns out I never exceeded that limit.
And its dashboard / control panel is very fast, extremely responsive. Basically I love everything about NextDNS, from DNS speed, ease of use and design. Anyone who wants ad blocking should give it a go.
Edit: Not affiliated with NextDNS, just personal opinion. Not sure why the downvote.